Security news.
Today's security landscape is marked by active exploitation and state-sponsored threats. Several reports highlight ongoing campaigns by Russian and Iranian-linked actors targeting critical infrastructure and stealing credentials, while a critical RCE vulnerability in Flowise is also being actively exploited.
Max severity Flowise RCE vulnerability now exploited in attacks
A maximum-severity vulnerability, CVE-2025-59528, in the open-source platform Flowise for building LLM apps is being actively exploited to execute arbitrary code.
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have experienced data theft after a SaaS integration provider was breached, leading to the compromise of authentication tokens used by Snowflake customers.
Russia Hacked Routers to Steal Microsoft Office Tokens
Russian military intelligence-linked hackers (APT28) are exploiting known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users across more than 18,000 networks.
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are actively targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on U.S. critical infrastructure networks.
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international law enforcement operation has disrupted FrostArmada, an APT28 campaign that hijacked MikroTik and TP-Link routers to steal Microsoft account credentials.
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity vulnerability, CVE-2026-34040 (CVSS 8.8), in Docker Engine could allow attackers to bypass authorization plugins under specific circumstances, stemming from an incomplete fix for CVE-2024-41110.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added CVE-2026-35616, a Fortinet FortiClient EMS Improper Access Control Vulnerability, to its KEV Catalog due to evidence of active exploitation.
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign is targeting internet-exposed instances of ComfyUI, a stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet.